Okta Report Surfaces Progress on Shift to Zero-Trust

A report published this week by Okta suggested that organizations have significantly shifted allocation of budgets to ensure higher levels of security.

Based on an anonymized analysis of how Okta customers allocated their cybersecurity budgets, the report found just under a quarter (22%) have deployed one or more zero-trust configurations.

Chris Niggel, regional chief security officer for Okta, said that shift aligned with a previous Okta survey that found 99% of organizations have made identity management a core element of their zero-trust strategy.

There is still much work to be done in terms of achieving that goal, with 19% of Okta customers having implemented WebAuth to reduce reliance on passwords. Even less (5%) have implemented risk-based policies.

Overall, the report found deployment of security tools, overall, grew 23% year-over-year, with firewalls and virtual private networks (VPNs) seeing a 31% increase in adoption last year. Endpoint management and security platforms are now in second place after a 25% increase in adoption, followed by training tools that saw a 39% increase in adoption and infrastructure monitoring tools that saw a 29% increase in adoption.

While firewalls and VPNs have always been at the forefront of the cybersecurity agenda, the increase in adoption of endpoint management and security platforms reflects the challenges organizations are encountering securing mobile devices in a era where more employees are working remotely. In fact, the Okta report noted there has been a 172% increase in adoption of the Kandji endpoint management and security platform in the last year.

Making matters more challenging, the report also found more employees are travelling again. The report found a 42% increase in the number of customers that have deployed some type of travel-related application in the last year.

In general, the report suggested that more organizations are opting for applications from vendors that, in addition to improving productivity, have been able to deliver more value in terms of security, said Niggel. Organizations do not want to have to invest in a separate overlay to secure software-as-a-service (SaaS) applications, he added.

In general, cybersecurity teams have come to terms with the fact that it’s their role to enable end users to access applications versus dictating specifically which ones can be accessed based on security concerns, said Niggel. Business users have access to corporate credit cards that allow them to access SaaS applications at will, so it’s no longer feasible for cybersecurity teams to set up roadblocks, he noted. Organizations do, however, need to make sure enough pressure is applied to those application providers to invest in the appropriate level of controls to deter, for example, phishing attacks, added Niggel.

There’s little doubt that there will be additional shifts in allocations of budget dollars as more organizations adopt zero-trust principles. The pace at which that adoption is occurring should increase in the year ahead as more organizations better understand what’s required to achieve that goal. In the meantime, it’s up to cybersecurity teams to ensure cybersecurity is maintained using the tools at hand.

Avatar photo

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

mike-vizard has 785 posts and counting.See all posts by mike-vizard